This is an old revision of the document!
Network Services Overview SSH
General Information
This page covers the Network Services objectives, specifically for ssh.
Network Services Objectives
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
Install the packages needed to provide the service
Install the service: This should already be installed by default.
yum install openssh openssh-server
- openssh → the ssh client
- openssh-server → the ssh daemon
Configure SELinux to support the service
- Service agnostic → Ensure SELinux is running and enabled (RHCSA objective).
Use SELinux port labeling to allow services to use non-standard ports
Configuring the <service-name> with a non standard port and allowing port access with selinux.
NOTE: “man semanage-port” has examples for allowing non-standard ports!
Configure the service to start when the system is booted
Check Current Service Status
systemctl status <service-name>
- Also displays if the service is enabled or disabled
Enabling a service to start on boot
systemctl enable <service-name>
Configure the service for basic operation
Enable and Start the service
systemctl enable <service-name> systemctl start <service-name>
Configure host-based and user-based security for the service
Firewall
Allow access through the firewall
firewall-cmd --permanent --add-service=<service-name> firewall-cmd --reload